I am not using custom rules for fail2ban , in fact my fail2ban is using the default settings , i do not have that file zzz-custom in that directory however jail.conf is using the default jail time for every filter , witch is :
# "bantime" is the number of seconds that a host is banned. bantime = 10m
# A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 10m
# "maxretry" is the number of failures before a host get banned. maxretry = 5
# "maxmatches" is the number of matches stored in ticket (resolvable via tag <matches> in actions). maxmatches = %(maxretry)s
The issue i was having was due 2 mail clients with bad configuration i had on my iphone , iphone already comes with a mail client that i configured in the past , however recently i was unable to find its icon and i installed outlook too , but then 1 week ago i had to reinstall the mail server again due to a hdd failure , since iphone was conected to my lan using wifi then i got in mail server my public ip , this was the reason why auth failure was in log file , inactivity was probably because those clients hang too long in imap and dovecot reported 1st the failed authentication and then after that reported the same failed auth but with inactivity witch is related so same client . After removing the configurations from both clients in iphone this did not happened again .